Hereinbelow, a private network denotes a non-public network for which access is open only to certain users. This access is, for example, restricted by configuration information that a user needs to have in order, on the one hand, to identify the network and, on the other hand, to be authorized to access the network. Such information may, for example, be authentication parameters comprising an identifier of the network, such as an “SSID” (“Service Set Identifier”) identifier, associated with a network access key (e.g. WEP key, WEP standing for “Wired Equivalent Privacy”, WPA key, WPA standing for “Wi-Fi Protected Access”).
When a user who has administration rights for a private network wants to offer to share access to this network, called “host network”, to another user, one simple solution consists in explicitly communicating to the latter the configuration information allowing that user access. It is then possible for a user who is offered such sharing of an access, or “invited user”, to manually configure his or her terminal, hereinafter called “invited terminal”.
This solution does, however, present a security risk due in particular to the transmission of sensitive data to the invited user by the user who is offering to share the access to the host network, or “host user”. It also entails a step of inputting configuration information by the invited user, a particular source of errors in as much as it generally involves completing fields with alphanumeric character strings that are long and difficult to memorize.
The European patent application published on 22 Jun. 2011 under the reference EP 2337388 A2 describes a method enabling an invited terminal, already configured to access a visitor network via a visitor gateway, to access a host network via a host gateway with the identifier and network access key enabling it to access the visitor network. More specifically, the host gateway memorizes a unique identifier for each invited user entered by a host user who has administration rights on the host network. The host gateway then contacts a user database in order to obtain an address of the visitor gateway. Then, it sends a request to obtain the authentication parameters allowing access for the invited terminal to the visitor gateway. In the case where the latter memorizes a unique identifier of the host user, it returns the requested parameters to the host gateway. The host gateway then creates an access with the authentication parameters of the visitor gateway. The invited user is authenticated with the host gateway via the access created with the authentication parameters of the visitor gateway.
This solution presents certain drawbacks. Notably, it does not make it possible to offer access to a user terminal not previously already configured to access another network. Furthermore, it entails the sending, by the invited user, of his or her authentication parameters to the host user, which can be a significant security failing in the case of a malicious host user, or of a user spoofing the identity of the host user.